Between signature open and closed to admin...
From: Yune Sung ¼ºÀ±±â (yune@kisa.or.kr)Date: 03/26/02
- Previous message: John S Flowers: "Re: IDS Correlation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 26 Mar 2002 13:46:02 +0900 From: Yune Sung ¼ºÀ±±â <yune@kisa.or.kr> To: focus-ids@securityfocus.com
Hi to all !!
I have a question regarding IDS signature openness policy.
There might be a seperate policy about it, either opening or prohibiting
IDS detection signature to admins.
I understand that open source like Snort keep their way in signature
open, therefore enhance it more, help admin analyse attack throughly.
However because of them, attackers are able to bypass detection rules or
deactivate the system using Stick or something.
So, let me ask you, what is more secure and reliable? Would you open or
prohibit it from administrator's manipulation?
Please give an response with perspectives of vendors and admins....
Thank you in advance...
Yune Sung.
--SYG, IDS Evaluation, Korea Information Security Agency ------------------------------------------------ e-mail : yune@kisa.or.kr yune@netian.com Fax : 82-2-405-5369 Tel : 82-2-405-5366 Cell : 82-11-706-7565
http://www.kisa.or.kr ------------------------------------------------ Even if a TOE security function cannot be bypassed, deactivated, or corrupted, it may still be possible to defeat it because there is a vulnerability in the concept of its underlying security mechanisms.
- Previous message: John S Flowers: "Re: IDS Correlation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
